Go Big or GO HOME!
https://ift.tt/goyzKRn
Submitted January 14, 2026 at 11:42PM by kobsoN
via reddit https://ift.tt/E4WXTZo
https://ift.tt/goyzKRn
Submitted January 14, 2026 at 11:42PM by kobsoN
via reddit https://ift.tt/E4WXTZo
Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC
https://ift.tt/dmNfGl8
Submitted January 15, 2026 at 02:02PM by AlmondOffSec
via reddit https://ift.tt/X1pwN65
https://ift.tt/dmNfGl8
Submitted January 15, 2026 at 02:02PM by AlmondOffSec
via reddit https://ift.tt/X1pwN65
neodyme.io
Drone Hacking Part 1: Dumping Firmware and Bruteforcing ECC
Desoldering a drone's flash chip and reconstructing the firmware from broken data.
Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data
https://ift.tt/PDgVU2s
Submitted January 15, 2026 at 04:24PM by lohacker0
via reddit https://ift.tt/6bDNSBm
https://ift.tt/PDgVU2s
Submitted January 15, 2026 at 04:24PM by lohacker0
via reddit https://ift.tt/6bDNSBm
Varonis
Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data
Varonis Threat Labs discovered a way to bypass Copilot’s safety controls, steal users’ darkest secrets, and evade detection.
CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
https://ift.tt/lzKJ8ro
Submitted January 15, 2026 at 09:12PM by Fun_Preference1113
via reddit https://ift.tt/Vl7uTyz
https://ift.tt/lzKJ8ro
Submitted January 15, 2026 at 09:12PM by Fun_Preference1113
via reddit https://ift.tt/Vl7uTyz
Cymulate
CVE-2026-20965: Cymulate Research Labs Discovers Token Validation Flaw that Leads to Tenant-Wide RCE in Azure Windows Admin Center
Cymulate Research Labs uncovered CVE-2026-20965, a token validation flaw in Azure Windows Admin Center enabling tenant-wide RCE and lateral movement.
Demonstration: prompt-injection failures in a simulated help-desk LLM
https://ift.tt/WDU5VnC
Submitted January 15, 2026 at 10:24PM by thePROFITking
via reddit https://ift.tt/RWXPKbe
https://ift.tt/WDU5VnC
Submitted January 15, 2026 at 10:24PM by thePROFITking
via reddit https://ift.tt/RWXPKbe
IHackAI
IHackAI - AI Security Training Platform | ihackai.com
IHackAI (ihackai.com) - Master AI security through hands-on challenges. Learn prompt injection, jailbreaking, and defense strategies.
Technical Analysis: ServiceNow AI Agent Vulnerability (CVE Analysis + Prevention)
https://ift.tt/crd8590
Submitted January 15, 2026 at 11:36PM by opena2a
via reddit https://ift.tt/XAm0Pwc
https://ift.tt/crd8590
Submitted January 15, 2026 at 11:36PM by opena2a
via reddit https://ift.tt/XAm0Pwc
OpenA2A
The ServiceNow AI Vulnerability: What Went Wrong
85% of Fortune 500 exposed. Learn how AI agents need purpose-built security, not retrofitted legacy authentication.
Closing the Door on Net-NTLMv1: Releasing Rainbow Tables to Accelerate Protocol Deprecation
https://ift.tt/e9jHNiS
Submitted January 15, 2026 at 10:52PM by AlmondOffSec
via reddit https://ift.tt/4epqAOB
https://ift.tt/e9jHNiS
Submitted January 15, 2026 at 10:52PM by AlmondOffSec
via reddit https://ift.tt/4epqAOB
Google Cloud Blog
Releasing Rainbow Tables to Accelerate Protocol Deprecation | Google Cloud Blog
Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1.
WinBoat: Drive by Client RCE + Sandbox escape.
https://ift.tt/pXIgb6w
Submitted January 16, 2026 at 06:05AM by reddit4matt
via reddit https://ift.tt/a7mIYV8
https://ift.tt/pXIgb6w
Submitted January 16, 2026 at 06:05AM by reddit4matt
via reddit https://ift.tt/a7mIYV8
hack.do
WinBoat: Drive by Client RCE + Sandbox escape.
A remote webpage can abuse an unauthenticated guest HTTP API to compromise the Windows guest container, then feed a malicious app entry leading to Linux host code execution on click.
Multiple cross-site leaks disclosing Facebook users in third-party websites
https://ift.tt/WEtpCaP
Submitted January 16, 2026 at 03:56PM by smaury
via reddit https://ift.tt/o6YUsEA
https://ift.tt/WEtpCaP
Submitted January 16, 2026 at 03:56PM by smaury
via reddit https://ift.tt/o6YUsEA
Youssef Sammouda (sam0) personal blog
Multiple cross-site leaks disclosing Facebook users in third-party websites
Introduction This write-up consolidates several XS-Leak issues discovered across Meta-owned platforms, including Facebook, Workplace, Meta for Work, and internal Meta surfaces.
Instagram account takeover via Meta Pixel script abuse
https://ift.tt/h2T41Xx
Submitted January 16, 2026 at 03:56PM by smaury
via reddit https://ift.tt/LOvST2n
https://ift.tt/h2T41Xx
Submitted January 16, 2026 at 03:56PM by smaury
via reddit https://ift.tt/LOvST2n
Youssef Sammouda (sam0) personal blog
Instagram account takeover via Meta Pixel script abuse
Introduction Meta’s web ecosystem relies on cross-window messaging between first-party websites. In many cases, the only security control enforced is an origin check validating that messages originate from facebook.com or its subdomains.
Leaking Meta FXAuth Token leading to 2 click Account Takeover
https://ift.tt/9i3Tqer
Submitted January 16, 2026 at 03:56PM by smaury
via reddit https://ift.tt/jyiFQmW
https://ift.tt/9i3Tqer
Submitted January 16, 2026 at 03:56PM by smaury
via reddit https://ift.tt/jyiFQmW
Youssef Sammouda (sam0) personal blog
Leaking Meta FXAuth Token leading to 2 click Account Takeover
Introduction FXAuth is Meta’s shared authentication system used across Facebook, Instagram, and Meta (Horizon / VR). It is used by Accounts Center for account linking, re-authentication, and sensitive action confirmation.
StackWarp: Exploiting Stack Layout Vulnerabilities in Modern Processors
https://ift.tt/79AGbsU
Submitted January 16, 2026 at 08:19PM by YogiBerra88888
via reddit https://ift.tt/8Z5Uvxs
https://ift.tt/79AGbsU
Submitted January 16, 2026 at 08:19PM by YogiBerra88888
via reddit https://ift.tt/8Z5Uvxs
ServiceNow Virtual Agent Auth Bypass → AI Agent Privilege Escalation (85% Fortune 500 affected)
https://ift.tt/crd8590
Submitted January 16, 2026 at 09:52PM by opena2a
via reddit https://ift.tt/GaIBcUg
https://ift.tt/crd8590
Submitted January 16, 2026 at 09:52PM by opena2a
via reddit https://ift.tt/GaIBcUg
OpenA2A
The ServiceNow AI Vulnerability: What Went Wrong
85% of Fortune 500 exposed. Learn how AI agents need purpose-built security, not retrofitted legacy authentication.
How I used an agent to hunt vulns
https://ift.tt/eVHm8PN
Submitted January 17, 2026 at 04:59PM by 746865626c617a
via reddit https://ift.tt/Wo2cQBN
https://ift.tt/eVHm8PN
Submitted January 17, 2026 at 04:59PM by 746865626c617a
via reddit https://ift.tt/Wo2cQBN
blazelight.dev
I do things on the computer.
Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK
https://ift.tt/CxURkIa
Submitted January 18, 2026 at 03:17PM by smaury
via reddit https://ift.tt/q92IRtz
https://ift.tt/CxURkIa
Submitted January 18, 2026 at 03:17PM by smaury
via reddit https://ift.tt/q92IRtz
After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes
https://ift.tt/uMot4NV
Submitted January 19, 2026 at 01:06AM by 0x5h4un
via reddit https://ift.tt/aQn7ON2
https://ift.tt/uMot4NV
Submitted January 19, 2026 at 01:06AM by 0x5h4un
via reddit https://ift.tt/aQn7ON2
disclosing.observer
After the Takedown: Excavating Abuse Infrastructure with DNS Sinkholes - Disclosing.Observer
DNS sinkholing does not erase abuse infrastructure but captures it at the moment of intervention, creating a stable boundary from which pre-takedown organiza...
"synthetic vulnerabilities" — security flaws unique to AI-generated code
https://ift.tt/AyMqNp1
Submitted January 19, 2026 at 04:38PM by bishwasbhn
via reddit https://ift.tt/i5nhR7z
https://ift.tt/AyMqNp1
Submitted January 19, 2026 at 04:38PM by bishwasbhn
via reddit https://ift.tt/i5nhR7z
Write-up: Cloudflare Zero-day: Accessing Any Host Globally
https://ift.tt/IbniG3T
Submitted January 19, 2026 at 08:02PM by xIsis
via reddit https://ift.tt/2rPoyM6
https://ift.tt/IbniG3T
Submitted January 19, 2026 at 08:02PM by xIsis
via reddit https://ift.tt/2rPoyM6
fearsoff.org
Cloudflare Zero-day: Accessing Any Host Globally
Discover how a Cloudflare WAF bypass in /.well-known/acme-challenge/ exposed origins, its impact, and the fix. A must-read for security pros.
Frida 17.6.0 released – major Android stability improvements, Android 16 support
https://ift.tt/pSRwOk4
Submitted January 19, 2026 at 09:02PM by oleavr
via reddit https://ift.tt/9kPJTXU
https://ift.tt/pSRwOk4
Submitted January 19, 2026 at 09:02PM by oleavr
via reddit https://ift.tt/9kPJTXU
Frida • A world-class dynamic instrumentation toolkit
Frida 17.6.0 Released
Observe and reprogram running programs on Windows, macOS, GNU/Linux, iOS, watchOS, tvOS, Android, FreeBSD, and QNX
Successful Errors: New Code Injection and SSTI Techniques
https://ift.tt/vX6FBgE
Submitted January 18, 2026 at 09:37PM by vladko312
via reddit https://ift.tt/W3N7LXF
https://ift.tt/vX6FBgE
Submitted January 18, 2026 at 09:37PM by vladko312
via reddit https://ift.tt/W3N7LXF
GitHub
GitHub - vladko312/Research_Successful_Errors: Clear and obvious name of the exploitation technique can create a false sense of…
Clear and obvious name of the exploitation technique can create a false sense of familiarity, even if its true potential was never researched, the technique itself is never mentioned and payloads a...
Cloudflare Zero-day: Accessing Any Host Globally
https://ift.tt/IbniG3T
Submitted January 20, 2026 at 04:52PM by albinowax
via reddit https://ift.tt/RHLPq5g
https://ift.tt/IbniG3T
Submitted January 20, 2026 at 04:52PM by albinowax
via reddit https://ift.tt/RHLPq5g
fearsoff.org
Cloudflare Zero-day: Accessing Any Host Globally
Discover how a Cloudflare WAF bypass in /.well-known/acme-challenge/ exposed origins, its impact, and the fix. A must-read for security pros.